PC slows down and Gdata issues
picnono77320 - Posted messages: 1 - Status: Member
jacques.gache Posted messages 34829 Status Security Contributor -
Good evening everyone.
I'm new, and I've decided to reach out to the community because I'm struggling.
I'm on XP Pro 2002 SP3, AMD 1.25 GHz, 1.75 GB RAM.
My PC has been slow for a while, and even more since I installed Java and Gdata last week!
After the new installation of Gdata Antivirus 2010, license OK, Antivirus engine A loaded OK, Engine B is blocked: AVK.exe has encountered a problem... or GDSC.exe has encountered a problem...
If you have any tips, I’m all ears.
I’ve installed and scanned with Malwarebytes, CCleaner, and Gdata. There are no viruses!!!!
I’m stuck!
Thank you in advance for your responses.
6 answers
Good evening Jacques, sorry for the delay!
Here is the report:
~ ZHPDiag report v2014.1.17.19 - Nicolas Coolman (01/17/2014)
~ Run by NONO (01/23/2014 12:04:54)
~ Website Address http://nicolascoolman.webs.com
~ Free Assistance Forums for disinfection: http://nicolascoolman.webs.com/apps/links/
~ Translated by Nicolas Coolman
~ Version status:
~ Whitelist: Enabled by the program
~ Privilege Elevation: OK
~ User Account Control (UAC):
---\\ Internet Browsers
MSIE: Internet Explorer v7.0.5730.13
MFIE: Mozilla Firefox 26.0 (Default)
---\\ Windows Product Information
~ Language: French
Microsoft Windows XP, 32-bit Service Pack 3 (Build 2600)
Windows Automatic Updates: OK
Windows Genuine Advantage: KO
---\\ System Protection Software
G Data AntiVirus v20.0.3.0
Malwarebytes Anti-Malware version 1.75.0.1300
---\\ System Optimization Software
CCleaner v3.07 => Piriform Ltd
---\\ PeerToPeer Sharing Software
---\\ Software Surveillance
Java 7 Update 45
---\\ System Information
~ Processor: x86 Family 6 Model 8 Stepping 1, AuthenticAMD
~ Operating System: 32 Bits
Boot mode: Normal (Normal boot)
Total RAM: 1791 MB (67% free)
System Restore: Enabled
System drive C: has 177 GB (59%) free of 298 GB
---\\ System Connection Mode
~ Computer Name: NONO-OX0AZM41UK
~ User Name: NONO
~ All Users Names: UpdatusUser, NONO, Administrator,
~ Unselected Option: None
Logged in as Administrator
---\\ Environment Variables
~ System Unit: C:\
~ %AppZHP%: C:\Documents and Settings\NONO\Application Data\ZHP\
~ %AppData%: C:\Documents and Settings\NONO\Application Data\
~ %Desktop%: C:\Documents and Settings\NONO\Bureau\
~ %Favorites%: C:\Documents and Settings\NONO\Favoris\
~ %LocalAppData%: C:\Documents and Settings\NONO\Local Settings\Application Data\
~ %StartMenu%: C:\Documents and Settings\NONO\Menu Démarrer\
~ %Windir%: C:\WINDOWS\
~ %System%: C:\WINDOWS\system32\
---\\ Disk Units Enumeration
C: Hard drive, Flash drive, Thumb drive (Free 177 Go of 298 Go)
D: CD-ROM drive (Not Inserted)
E: Hard drive, Flash drive, Thumb drive (Free 26 Go of 112 Go)
---\\ Windows Security Center Status
~ Security Center: 42 Legitimates Filtered in 00mn 00s
---\\ Specific Search for Generic Files
[MD5.F2317622D29F9FF0F88AEECD5F60F0DD] - (.Microsoft Corporation - Windows Explorer.) (.04/14/2008 - 03:34:03.) -- C:\WINDOWS\Explorer.exe [1037824]
[MD5.BC2D4A54CEDD78ED5D65C27CE9C293C6] - (.Microsoft Corporation - Internet Extensions for Win32.) (.10/25/2013 - 12:24:09.) -- C:\WINDOWS\system32\wininet.dll [841216]
[MD5.DD73D6B9F6B4CB630CF35B438B540174] - (.Microsoft Corporation - Windows NT Logon Application.) (.04/14/2008 - 03:34:28.) -- C:\WINDOWS\system32\Winlogon.exe [512000]
[MD5.1E44BC1E83D8FD2305F8D452DB109CF9] - (.Microsoft Corporation - Ancillary Function Driver for WinSock.) (.08/17/2011 - 14:49:54.) -- C:\WINDOWS\system32\Drivers\AFD.sys [138496]
[MD5.9F3A2F5AA6875C72BF062C712CFA2674] - (.Microsoft Corporation - IDE/ATAPI Port Driver.) (.04/13/2008 - 19:40:30.) -- C:\WINDOWS\system32\Drivers\atapi.sys [96512]
[MD5.C885B02847F5D2FD45A24E219ED93B32] - (.Microsoft Corporation - CD-ROM File System Driver.) (.04/13/2008 - 20:14:21.) -- C:\WINDOWS\system32\Drivers\Cdfs.sys [63744]
[MD5.1F4260CC5B42272D71F79E570A27A4FE] - (.Microsoft Corporation - SCSI CD-ROM Driver.) (.04/13/2008 - 19:40:46.) -- C:\WINDOWS\system32\Drivers\Cdrom.sys [62976]
[MD5.31F923EB2170FC172C81ABDA0045D18C] - (.Microsoft Corporation - FIPS Cryptography Driver.) (.04/14/2008 - 02:57:38.) -- C:\WINDOWS\system32\Drivers\Fips.sys [44672]
[MD5.573C7D0A32852B48F3058CFD8026F511] - (.Windows (R) Server 2003 DDK provider - High Definition Audio Bus Driver v1.0a.) (.04/13/2008 - 17:36:05.) -- C:\WINDOWS\system32\Drivers\HDAudBus.sys [144384]
[MD5.A09BDC4ED10E3B2E0EC27BB94AF32516] - (.Microsoft Corporation - i8042 Port Driver.) (.04/14/2008 - 03:00:52.) -- C:\WINDOWS\system32\Drivers\i8042prt.sys [54144]
[MD5.083A052659F5310DD8B6A6CB05EDCF8E] - (.Microsoft Corporation - IMAPI Kernel Driver.) (.04/13/2008 - 19:40:58.) -- C:\WINDOWS\system32\Drivers\Imapi.sys [42112]
[MD5.CC748EA12C6EFFDE940EE98098BF96BB] - (.Microsoft Corporation - IP Network Address Translator.) (.04/13/2008 - 19:57:15.) -- C:\WINDOWS\system32\Drivers\IpNat.sys [152832]
[MD5.23C74D75E36E7158768DD63D92789A91] - (.Microsoft Corporation - IPSec Driver.) (.04/13/2008 - 20:19:42.) -- C:\WINDOWS\system32\Drivers\IPSec.sys [75264]
[MD5.7D304A5EB4344EBEEAB53A2FE3FFB9F0] - (.Microsoft Corporation - Windows NT SMB Minirdr.) (.07/15/2011 - 14:29:31.) -- C:\WINDOWS\system32\Drivers\MRxSmb.sys [456320]
[MD5.74B2B2F5BEA5E9A3DC021D685551BD3D] - (.Microsoft Corporation - MBT Transport driver.) (.04/13/2008 - 20:21:00.) -- C:\WINDOWS\system32\Drivers\netBT.sys [162816]
[MD5.78A08DD6A8D65E697C18E1DB01C5CDCA] - (.Microsoft Corporation - NT File System Driver.) (.04/13/2008 - 20:15:53.) -- C:\WINDOWS\system32\Drivers\ntfs.sys [574976]
[MD5.8FD0BDBEA875D06CCF6C945CA9ABAF75] - (.Microsoft Corporation - Parallel Port Driver.) (.04/14/2008 - 03:09:40.) -- C:\WINDOWS\system32\Drivers\Parport.sys [80384]
[MD5.11B4A627BC9614B885C4969BFA5FF8A6] - (.Microsoft Corporation - RAS L2TP mini-port/call-manager driver.) (.04/13/2008 - 20:19:43.) -- C:\WINDOWS\system32\Drivers\Rasl2tp.sys [51328]
[MD5.15CABD0F7C00C47C70124907916AF3F1] - (.Microsoft Corporation - Microsoft RDP Device redirector.) (.04/13/2008 - 19:32:51.) -- C:\WINDOWS\system32\Drivers\rdpdr.sys [196224]
[MD5.D8EB2A7904DB6C916EB5361878DDCBAE] - (.Microsoft Corporation - Red Book audio filter driver.) (.04/14/2008 - 02:57:34.) -- C:\WINDOWS\system32\Drivers\redbook.sys [58752]
[MD5.46DE1126684369BACE4849E4FC8C43CA] - (.Microsoft Corporation - Volume Shadow Copy driver.) (.04/14/2008 - 02:56:04.) -- C:\WINDOWS\system32\Drivers\volsnap.sys [53376]
~ Generic Processes: Scanned in 00mn 01s
---\\ Status of Hidden Files (Hidden/Total)
~ My Pictures: 2/17
~ My Musics: 1/143
~ My Videos: 1/5
~ My Favorites: 1/70
~ My Documents: 2/2770
~ My Desktop: 1/1017
~ Programs: 1/20
~ Hidden Files: Scanned in 00mn 06s
---\\ Running Processes
[MD5.9AB5ED2F5F2A9DC947F13CF0D39843B3] - (.G Data Software AG - G Data AntiVirus Proxy Service.) -- C:\Program Files\Common Files\G DATA\AVKProxy\AVKProxy.exe [1054792] [PID.1816]
[MD5.2064FEBDA3F9031B6C416740985F3259] - (.G Data Software AG - G Data InternetSecurity Scheduler Service.) -- C:\Program Files\G Data\AntiVirus\AVK\AVKService.exe [397896] [PID.1832]
[MD5.360E4F34D4FD87A432639A48054954EA] - (.G Data Software AG - G Data Filesystem Monitor Service.) -- C:\Program Files\G Data\AntiVirus\AVK\AVKWCtl.exe [1251488] [PID.1864]
[MD5.641199534871783DD74138FE0BCFDAE7] - (.Microsoft Corporation - MsCamSvc.exe.) -- C:\Program Files\Microsoft LifeCam\MSCamS32.exe [271720] [PID.236]
[MD5.3A990B8FA88E1B9F2D99C1B9B8D76F4B] - (.NVIDIA Corporation - NVIDIA Driver Helper Service, Version 307.9.) -- C:\WINDOWS\system32\nvsvc32.exe [156448] [PID.304]
[MD5.D31F31342349964E245EAAC1BDC5F6A6] - (.G Data Software AG - G Data AntiVirus Scan Server.) -- C:\Program Files\Common Files\G DATA\GDScan\GDScan.exe [302152] [PID.684]
[MD5.872B3D5F6F9F9BDFD6A83EE8AA5824B4] - (.InstallShield Software Corporation - InstallShield Update Service Scheduler.) -- C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe [69632] [PID.2152]
[MD5.93AD0B78C7357A05F50E594EC7C22300] - (...) -- system32\RunDLL32.exe [0] [PID.2192]
[MD5.649667D4793ABA2B1CD933AA14278C0D] - (.G Data Software AG - G Data InternetSecurity Tray Application.) -- C:\Program Files\G Data\AntiVirus\AVKTray\AVKTray.exe [925768] [PID.2236]
[MD5.1EEA6C1B35191DC177EA83672B9C3FC0] - (.Mozilla Corporation - Firefox.) -- C:\Program Files\Mozilla Firefox\firefox.exe [275568] [PID.1488]
[MD5.8E5651B04BE775696B32F7F1F5DA8871] - (.Nicolas Coolman - ZHPDiag.) -- C:\Program Files\ZHPDiag\ZHPDiag.exe [8336896] [PID.3728]
~ Processes Running: Scanned in 00mn 03s
---\\ Google Chrome, Startup, Search, Extensions (G0,G1,G2)
C:\Documents and Settings\NONO\Local Settings\Application Data\Google\Chrome\User Data\Default\Preferences
~ Google Browser: 0 Legitimates Filtered in 00mn 00s
---\\ Mozilla Firefox, Plugins, Startup, Search, Extensions (P2,M0,M1,M2,M3)
C:\Documents and Settings\NONO\Application Data\Mozilla\Firefox\Profiles\mxo7dye6.default\prefs.js
C:\Documents and Settings\NONO\Application Data\Mozilla\Firefox\Profiles\mxo7dye6.default\user.js
M3 - MFPP: Plugins - [NONO] -- C:\Documents and Settings\NONO\Application Data\Mozilla\Firefox\Profiles\mxo7dye6.default\searchplugins\iminent.xml => Adware.IMBooster
M3 - MFPP: Plugins - [NONO] -- C:\Documents and Settings\NONO\Application Data\Mozilla\Firefox\Profiles\mxo7dye6.default\searchplugins\sweetim.xml => PUP.SweetIM
M3 - MFPP: Plugins - [NONO] -- C:\Program Files\Mozilla Firefox\searchplugins\crawlersrch.xml
P2 - FPN: Firefox Plugin Navigator (.BitComet - BitCometAgent v1.27 for Firefox.) -- C:\Program Files\Mozilla Firefox\Plugins\npBitCometAgent.dll => P2P.BitComet
~ Firefox Browser: 17 Legitimates Filtered in 00mn 03s
---\\ Internet Explorer, Startup, Search, URLSearchHook, Phishing (R0,R1,R3,R4)
R1 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main, Search Bar = http://www.crawler.com
R1 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search, SearchAssistant = http://www.crawler.com
R1 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search, CustomizeSearch = http://dnl.crawler.com
~ IE Browser: 14 Legitimates Filtered in 00mn 00s
---\\ Internet Explorer, Proxy Management (R5)
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings, ProxyServer = no key
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings, ProxyEnable = 0
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings, MigrateProxy = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings, EnableHttp1_1 = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings, ProxyHttp1.1 = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings, AutoConfigProxy = wininet.dll
~ Proxy management: Scanned in 00mn 00s
---\\ Analysis of lines F0, F1, F2, F3 - IniFiles, Autoloading programs
F2 - REG:system.ini: USERINIT=C:\WINDOWS\system32\userinit.exe,
F2 - REG:system.ini: Shell=C:\WINDOWS\explorer.exe
F2 - REG:system.ini: VMApplet=rundll32 shell32,Control_RunDLL "sysdm.cpl"
~ Keys: Scanned in 00mn 00s
---\\ Hosts File Redirection (O1)
~ The hosts file is clean.
~ Hosts File: Scanned in 00mn 00s
~ Number of lines: 20
---\\ Internet Explorer Toolbars (O3)
O3 - Toolbar: G Data WebFilter - [HKLM]{0124123D-61B4-456f-AF86-78C53A0790C5} . (.G Data Software AG - G Data WebFilter Plugin.) -- C:\Program Files\G Data\AntiVirus\Webfilter\AVKWebIE.dll
O3 - Toolbar\WebBrowser: (no name) - [HKCU]{01E04581-4EEE-11D0-BFE9-00AA005B4383} Orphan key
O3 - Toolbar\WebBrowser: (no name) - [HKCU]{0E5CBF21-D15F-11D0-8301-00AA005B4383} Orphan key
O3 - Toolbar\WebBrowser: (no name) - [HKCU]{EEE6C35B-6118-11DC-9C72-001320C79847} Orphan key
~ Toolbar: Scanned in 00mn 00s
---\\ Other User Links (O4)
O4 - GS\Program [AllUsers]: Mozilla Firefox.lnk . (.Mozilla Corporation - Firefox.) -- C:\Program Files\Mozilla Firefox\firefox.exe
O4 - GS\Program [UpdatusUser]: Windows Media Player.lnk . (.Microsoft Corporation - Windows Media Player.) -- C:\Program Files\Windows Media Player\wmplayer.exe => .Microsoft Corporation
O4 - GS\Program [NONO]: Windows Media Player.lnk . (.Microsoft Corporation - Windows Media Player.) -- C:\Program Files\Windows Media Player\wmplayer.exe => .Microsoft Corporation
O4 - GS\Program [Administrator]: Windows Media Player.lnk . (.Microsoft Corporation - Windows Media Player.) -- C:\Program Files\Windows Media Player\wmplayer.exe => .Microsoft Corporation
~ Global Startup: 8 Legitimates Filtered in 00mn 00s
---\\ Applications Launched at System Startup (O4)
O4 - GS\Program [AllUsers]: Microsoft Office.lnk . (.Microsoft Corporation - Microsoft Office XP component.) -- C:\Program Files\Microsoft Office\Office10\OSA.exe => .Microsoft Corporation
O4 - HKLM\..\Run: [ISUSScheduler] . (.InstallShield Software Corporation - InstallShield Update Service Scheduler.) -- C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
O4 - HKLM\..\Run: [LifeCam] . (.Microsoft Corporation - LifeExp.exe.) -- C:\Program Files\Microsoft LifeCam\LifeExp.exe
O4 - HKLM\..\Run: [ISUSPM Startup] . (.InstallShield Software Corporation - InstallShield Update Service Update Manager.) -- C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
O4 - HKLM\..\Run: [NvCplDaemon] . (.NVIDIA Corporation - NVIDIA Display Properties Extension.) -- C:\WINDOWS\system32\NvCpl.dll => .NVIDIA Corporation
O4 - HKLM\..\Run: [NvMediaCenter] . (.NVIDIA Corporation - NVIDIA Media Center Library.) -- C:\WINDOWS\system32\NvMCTray.dll
O4 - HKLM\..\Run: [nwiz] . (...) -- C:\Program Files\NVIDIA Corporation\nview\nwiz.exe
O4 - HKLM\..\Run: [G DATA AntiVirus Trayapplication] . (.G Data Software AG - G Data InternetSecurity Tray Application.) -- C:\Program Files\G Data\AntiVirus\AVKTray\AVKTray.exe
O4 - HKCU\..\Run: [ctfmon.exe] . (.Microsoft Corporation - CTF Loader.) -- C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [WahOO] Orphan key
O4 - HKCU\..\Run: [eType] C:\Documents and Settings\NONO\Application Data\eType\eType.exe (.not file.)
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] . (.Microsoft Corporation - CTF Loader.) -- C:\WINDOWS\System32\CTFMON.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] . (.Microsoft Corporation - CTF Loader.) -- C:\WINDOWS\System32\CTFMON.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] . (.Microsoft Corporation - CTF Loader.) -- C:\WINDOWS\System32\CTFMON.exe
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] . (.Microsoft Corporation - CTF Loader.) -- C:\WINDOWS\System32\CTFMON.exe
O4 - HKUS\S-1-5-21-1614895754-1844237615-682003330-1003\..\Run: [ctfmon.exe] . (.Microsoft Corporation - CTF Loader.) -- C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-21-1614895754-1844237615-682003330-1003\..\Run: [WahOO] Orphan key
O4 - HKUS\S-1-5-21-1614895754-1844237615-682003330-1003\..\Run: [eType] C:\Documents and Settings\NONO\Application Data\eType\eType.exe (.not file.)
~ Application: Scanned in 00mn 00s
---\\ Buttons on the Main Internet Explorer Toolbar (O9)
O9 - Extra button: Show or hide HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} . (.Hewlett-Packard Co. - HP Smart Web Printing add-on for Internet Explorer.) -- C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O9 - Extra button: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} -- Orphan key
O9 - Extra
Hello, thank you for following the procedure by posting the report through a hosting service, as it is too long for the forum and therefore incomplete, thank you
Well, the report, even if it's not complete, shows us some things, so do the following, thank you
1) run AdwCleaner
- Download AdwCleaner (from Xplode) to your desktop.
- Launch it, click on Scan and wait for the scan to finish.
- Once the scan is done, click on Clean. The PC will automatically restart and the report will appear at the end of the restart: post its content in your next response.
Note: The report is also saved under C:\AdwCleaner[S??].txt
A tutorial on AdwCleaner is available here: http://www.forum-entraide-informatique.com/support/adwcleaner-tutoriel-t875.html
Canned speech from FEI: https://www.forum-entraide-informatique.com/
2) run Junkware Removal Tool
- Download Junkware Removal Tool from this address (do not click on download, the download will start automatically): https://www.bleepingcomputer.com/download/junkware-removal-tool/dl/131/
- Save it to your desktop.
- Close all running applications.
- Open JRT.exe and press Enter: if you are using Windows Vista, 7 or 8, open it by right-clicking => Run as administrator.
- Wait for the tool to work: the desktop will disappear for a moment, this is completely normal.
- At the end of the analysis, a report named JRT.txt will open. Host it like this and post the obtained link in your next response.
Tutorial: http://www.forum-entraide-informatique.com/support/junkware-removal-tool-tutoriel-t8260.html
3) redo a new zhpdiag and post it via a host as explained in the procedure, thank you
Double click on the ZHPDiag shortcut on your Desktop for XP, otherwise right-click and run as administrator!!
Click on CONFIGURE then on the screwdriver http://sd-4.archive-host.com/membres/up/89820622056365782/zhpdiag_tournevis.jpg then on All, then on OK
Click on SEARCH to start the analysis.
If you get a message asking for validation for SIGCHECK, accept with OK, this is to give us a more complete report and enable a more in-depth reading
Let the tool work, it may take some time
At the end of the analysis, click on the camera and save the report on your Desktop.
Close ZHPDiag at the end of the analysis.
To send it to me, click on this link:
https://www.cjoint.com/
Click on "choose a file" and look for the file C:\Documents and settings\your_session_name\desktop\.ZHPDiag.txt
or directly by choosing desktop and ZHPDiag.txt click on it
Click on Open.
Click on "create the cjoint link".
A link of this form:
https://www.cjoint.com/?BFqtoT9eR8I
is added to the page.
Copy this link into your response.
and if there is a problem go through this one: http://pjjoint.malekal.com/
Hello Jacques.
Here is the address of the first ZHPdiag report: http://cjoint.com/?0ABqYRHEYhc
And the AdwCleaner report:
# AdwCleaner v3.017 - Report created on 01/26/2014 at 11:51:21
# Updated on 01/12/2014 by Xplode
# Operating system: Microsoft Windows XP Service Pack 3 (32 bits)
# Username: NONO - NONO-OX0AZM41UK
# Run from: C:\Documents and Settings\NONO\My documents\Downloads\adwcleaner.exe
# Option: Clean
***** [ Services ] *****
***** [ Files / Folders ] *****
***** [ Shortcuts ] *****
***** [ Registry ] *****
***** [ Browsers ] *****
-\\ Internet Explorer v7.0.6000.21364
-\\ Mozilla Firefox v26.0 (fr)
[ File: C:\Documents and Settings\NONO\Application Data\Mozilla\Firefox\Profiles\mxo7dye6.default\prefs.js ]
-\\ Google Chrome v
[ File: C:\Documents and Settings\NONO\Local Settings\Application Data\Google\Chrome\User Data\Default\preferences ]
*************************
AdwCleaner[R0].txt - [39602 bytes] - [01/25/2014 01:35:49]
AdwCleaner[R1].txt - [1136 bytes] - [01/26/2014 11:48:00]
AdwCleaner[S0].txt - [40089 bytes] - [01/25/2014 01:42:26]
AdwCleaner[S1].txt - [1058 bytes] - [01/26/2014 11:51:21]
########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [1118 bytes] ##########
I’m taking care of Junkware and will keep you updated.
Thank you.
Here is the address of the JRT.exe report: http://cjoint.com/?0ABrKS4WNoS
I will redo a ZHP diag and insert the address afterwards.
Here is the latest ZHPDiag report.
Best regards.
Hello, your AdwCleaner report shows nothing and that's normal because between your first ZHPDiag and my response, you ran AdwCleaner[S0].txt - [40089 bytes] - [25/01/2014 01:42:26] and given the size of the report, it probably cleaned well!!
Now, do you have Malwarebytes on your PC? Make sure to update it and perform a full scan of your PC!! Then let us know how the PC is doing and your issues!!
Double-click on Malwarebytes
In the "Update" tab, click on the Check for Updates button
Once the update is complete
Go to the Scan tab
Select Run a Full Scan
Select all drives if offered
Click on Scan
The scan starts.
At the end of the scan, a message appears: The scan completed successfully. Click on 'Show Results' to view all found items.
Click on OK to continue.
If any malware is detected, click on Show Results
Select all (or leave checked) and click on Quarantine Selected. Malwarebytes will destroy the files and registry keys and put a copy in quarantine.
Malwarebytes will open Notepad and copy the scan report there.
Restart the PC if it doesn’t do it itself
Once restarted, double-click on Malwarebytes
Go to the Reports/Logs tab
Click on it to view it once displayed
Click on Edit at the top of Notepad, then on Select All
Click on Edit again and then on Copy, then return to the forum and in your reply
Right-click in the reply box and Paste.
Good evening, here is the latest report from Malwarebytes:
Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org
Database version: v2014.01.27.09
Windows XP Service Pack 3 x86 NTFS
Internet Explorer 7.0.5730.13
NONO :: NONO-OX0AZM41UK [administrator]
27/01/2014 23:14:39
mbam-log-2014-01-27 (23-14-39).txt
Scan type: Complete scan (C:\|D:\|E:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristic/Extra | Heuristic/Shuriken | PUP | PUM | P2P
Scan options disabled:
Item(s) scanned: 303584
Elapsed time: 1 hour(s), 40 minute(s), 9 second(s)
Memory process detected: 0
(No malicious item detected)
Memory module(s) detected: 0
(No malicious item detected)
Registry key(s) detected: 0
(No malicious item detected)
Registry value(s) detected: 0
(No malicious item detected)
Registry data item(s) detected: 0
(No malicious item detected)
Folder(s) detected: 0
(No malicious item detected)
File(s) detected: 0
(No malicious item detected)
(end)
However, still unable to update G DATA Antivirus, GDSC.exe encounters a problem and must close during the Engine B update!!! If you have any clues!!
Thank you
Best regards.
Good evening Jacques.
When trying to download via your link or Google, Delfix is giving me a virus blocked by GDATA!! Should I download it anyway and force it? Since there doesn't seem to be an infection in my system, I'm waiting for your go-ahead to do it!
I tried to uninstall JAVA but it's impossible!! See the attached screenshot on Word.
http://cjoint.com/?0AExFOIvE9a
Thank you
Good evening,
here is the Delfix report: http://cjoint.com/?0AFx3N0lrHw
This PC is my personal one.
I will keep you updated on what happens next
thank you
Hello Jacques,
For Delfix, it's impossible to check "Restore UAC" as it's greyed out. Moreover, GDATA puts it in quarantine, and when I try to disinfect, the PC shuts down!! It restarts with a serious error occurred....
For JAVA, I tried to reinstall it, but it shows me this: Error - Java Installer
=> File c:\Documents and Settings\NONO\Application Data\Sun\Java\jre 1.7.0_51\jre1036.MST Does not exist
I can't help you more!!
For Delfix, unable to check "restore UAC" (it's grayed out).
I ran CCleaner, it performed 2 repairs.
GDATA still doesn’t work!! After CCleaner I tried a new update, but still stuck on Engine B.
Uninstallation, reinstallation, update, it still blocks Engine B.
=> 2 windows GDSC.exe has encountered a problem... and Drwtsn32.exe has encountered a problem...
Quick scan by GDATA found no viruses on the PC (apparently!)
If I can provide any other clues, don't hesitate!!
thanks again for your help and patience